Hack the Pentagon

Happy One-Year Anniversary

In November 2016, the Pentagon and Synack launchedthe Defense Department’s first private bug bounty program.

The Program

The Hack the Pentagon program is pioneering a crowdsourced approach to securing the government’s digital assets.
The DoD engaged Synack to lead this new initiative and provide real security where traditional methods have fallen short.
This private, government-grade bug bounty and vulnerability disclosure program discovers and helps remediate critical vulnerabilities in the DoD’s sensitive internal systems before the adversary can attack.

The Target

Agencies use Synack to test their high-value assets that cannot afford to be hacked. Customers trust Synack to provide an adversarial perspective on their systems’ security that will uncover unknown vulnerability risk.

What our customers say:

“If there’s any element when you don’t have trust in that [system] pipeline, that undermines a lot of how the department works.”

“If this system were hacked, it could send a tank to the White House.”

“This system provides critical information to military and civilian users—it has to be bulletproof.”

“This is a large undertaking—this source code has never been opened to ethical hackers before.”

Why Synack?

Synack provides “a private community of skilled and trusted researchers, diverse in skillset, and able to conduct both deep binary hacking, web-based attacks, reverse engineering, and network and system exploitation.”—Department of Defense

We recruit the top 10% of ethical hackers from around the world

We find 33% more severe vulnerabilities than other methods, usually in less than 24 hours

We offer 53% higher ROI than a traditional pen test, with a >95% signal-to-noise ratio

Synack's private, government-grade bug bounty launched a series of firsts

First time DoD has partnered with a private, vetted crowd of hackers

First time the DoD invited ethical hackers in to test sensitive internal systems

First time the DoD was able to receive security analytics and begin remediating in real time